As part of the What Can I Do series, I have been advocating for you to take inventory of your KSAs (Knowledge, Skills and Abilities) and tasks as they apply to your existing areas of expertise and use them to find areas within Cyber that you have existing experience. The NIST SP 800-181 framework was designed to help define the tasks and knowledge areas that are needed for the cyber security professionals in the workforce. If you’re considering doing a career change or focusing your efforts in school to get a career in Cyber, start with what you know and expand from there. The What Can I Do posts are meant to show roles in cyber security that you can take your existing KSAs to show your experience doing the work. Documenting your areas of experience are only one part of your killer interview, the other is showing areas that you have been working on that may not be demonstrated in your existing work experience. My recent inventory and my goals for world domination showed that for the types of jobs that I plan on claiming, I needed to expand my KSAs. For me, while I have experience in technology, information assurance, development, risk assessment, and project management I need to expand my experience in other areas. To game-plan those areas I developed a list of 10 things I wanted to work on to help increase my KSA. Enter the World Domination Plan (Dramatic music plays in the background). My world domination plan includes 10 areas that I want to expand my breath of knowledge and gain practical experience. Those areas (for me) are Infrastructure, Cloud Computing, Linux (refresher), Certified Ethical Hacking, Python (Scripting languages), Git, Networking, Web Development, APIs, and a Java Refresher. I set up reminders on my calendar on a rotating 10 day schedule where each day I work on one of those 10 items. My goal, is to document practical experience, a portfolio if you will, of the areas I have gained experience outside of my existing role. What does that even mean??? So today was python day 050. Today I’ve been reading my Python 3 Object-Oriented Programming pdf book on my kindle (from a past Python related Humble Bundle) and working on implementing a game I like to play in Python. I like variation in my learning platforms so I’ve got a lot of different resources I use to supplement my Python learning including Codecademy (free trial and then student discounted monthly or annual price… I caught a deal for 119 for a year), ITPro.tv, Python bootcamp on Udemy, Python ethical hacking (another humble bundle gem), and Python for networking engineers (humble bundle). I set up an account on Github and my code is available as I’m working on it. As I take on additional python projects (my next one is to come up with a program to figure out how much I spend on GrubHub a year) my Github account will show my mastery of the python language, my ability to document my code (don’t look for that on my game right now), and my ability to tie in multiple technologies (programming, Git, APIs, VisualStudio for Coding). My plan is to share with you my plan for each of my 10 areas so that you can get ideas for how you can supplement your work experience and show you have more skills than you’ve learned at your job(s).
Mathematicians and Statisticians
Entry Level Education – Master’s degree
2019 Median Pay – $92,030 ($44.25/hour)
Job outlook – 33%
What they do: Mathematicians and statisticians analyze data and apply mathematical and statistical techniques to help solve problems. While mathematicians can work in education or for finance companies, they can also work for the federal government and in the private sector with engineering or consulting companies.
Where do they fall in the NIST – T0057 which is the design, development and modification of software systems using scientific analysis and mathematical models, T0392 Utilize technical documentation or resources to implement new mathematical, data science or computer science methods are skills that are utilized by Software Developers, Security Architects, and Data Analysts
Where do I start: STEM, specifically Math. Calculus and Algorithms are necessary for this type of work.
Computer and Information Research Scientists
Computer and information research scientists invent and design new approaches to computer technology and find innovative uses for existing technology
Entry Level Education – Masters degree
2019 Median Pay – $122,840 ($59.06/hour)
Job outlook – 16%
What they do: Invent new computer tools, invent computer languages, improve software systems, design experiments, publish their findings and present at conferences
Where do I start: Learn a programming language… or 10. There are free/paid resources such as codecademy, udemy, freecodecamp
Where do they fall in the NIST – Research and Development under the Technology R&D Specialty Area
The same way that minimum wage varies by state (despite a federal minimum), people in different areas can make more or less money doing the same jobs. For Information and Security Analysts, there are a wide variety of industries and geographical variations that go into the average salary. The industries with the highest concentration of Information Security Analysts are Financial, Computer Services, Data Processing, Telecommunications, and Enterprise Management. You may find it interesting that although those are the highest concentration of Information System Security Analysts as recorded by the Bureau of Labor Statistics (BLS) in 2019, the industries with the top pay are completely different. While the job description and duties may stay the same, not all industries value Analysts the same way. Similarly, pay discrepancies may also vary based on Location.
As the BLS shows, variations in wages differ not only by industry but by location. Information Analysts get paid more in New York and New Jersey than they do in Virginia and California.
This information has implications for your job search. Once you’ve decided to become a Information Security Analyst, decisions such as industry and location can affect how much you can get paid. If you have flexibility in terms of your location selecting industries that value the role can result in much higher salaries over time.
My background is in Computer Engineering, Electrical and Computer Engineering to be exact. I have worked the last 10-15 years in Quality Assurance performing system audits, software testing, writing documentation including test plans and test scripts, and identifying levels of risk within the organizations I have supported. While it was easy for me to pen point the required tasks that I performed to support my task of getting a Project Management Professional certification, I found it a bit more difficult to identify tasks that I performed specifically within the Cyber Security space. That task is made a bit easier by the National Institute of Standards and Technology (NIST) SP 1800-181 NICE Framework. The NICE framework identifies tasks that are frequently included as being part of a cyber security work role. Advise senior management on risk levels and security posture for example (T0003) is an integral part of being a Privacy Officer or Privacy Compliance Officer, an Information System Security Manager and a Communications Security Manager three highly sought after roles within the Cyber security space. Through this resource I am able to translate the skills that I have been doing for years, into demonstrated work experience to support the shiny new Cyber security job I want. Once you have identified your Cyber experience you can provide specific examples of times you had to advise on risk or update your resume to target your career change. If you don’t have the skills for the target job you’ve identified in the Cyber security field you can see what type of experience you need to get in the door. Black Girls Hack will be tying the NICE Framework with the Bureau of Labor Statistics occupational outlook to provide What Can I Do cheat sheets that show various job categories within Cyber and what you need to do to get in those jobs.
Computer Network Architects
Computer network architects design and build data communication networks, including local area networks (LANs), wide area networks (WANs), and Intranets.
Entry Level Education – Bachelor’s degree
2019 Median Pay – $112,690 ($54.18/hour)
Job outlook – 5%
What they do: Network Architects design and build communication networks. They help develop the design of the network and what network tools and devices will be used for the design.
Where do I start: Learn Networking
Certifications: COMPTIA Network+
Where do they fall in the NIST – Network Operations Specialist under the Network Services Specialty Area
One of the questions I get most from people looking to switch or start fresh in a new career is where do I start? The answer: All roads lead to cyber. There is no one right way to get into cyber security.
I was reading a book on Imposter Syndrome by a guy who transitioned from a career in BARTENDING into cyber security. He used his knack for communication and his skills as a people person to get into Social Engineering. My point is that there are so many types of jobs in cyber security that you can use get your feet in the door.
The key to getting into cyber security is knowing where to start. There may be multiple skills or knowledge areas that you have that translate into a particular sector of Cyber security. What are you good at? What do you enjoy doing? What skills do you use at your current job, or which skills would you like to use? The National Institute of Science and Technology(NIST) developed a workforce framework to help translate skills and knowledge areas into specific jobs. NIST’s Workforce Framework, called the National Initiative for Cyber security Education (NICE) Cyber security Workforce Framework is set up into workforce Categories, Specialty Areas, Work Roles, Tasks, Knowledge Descriptions, Skills, and Abilities. Review the lists of Skills, Abilities, and Knowledge Descriptions and take note of which ones you have and or which ones you would like to learn. From there in Appendix B you can find which jobs use those specific skills. That will tell you the names of the types of jobs you should be looking for.
In the What Do I Want To Do category within the BlackGirlsHack blog, you will find a listing of those jobs tied back to salary, pay, required amount of education, and Job Outlook for the next 10 years which represents the projected percent change in employment from 2018 to 2028.